$30 off During Our Annual Pro Sale. View Details »

2000day in Safari

Avatar for Bo0oM Bo0oM
May 21, 2019
2
2.2k

2000day in Safari

Avatar for Bo0oM

Bo0oM

May 21, 2019
Tweet

More Decks by Bo0oM

See All by Bo0oM
Носок на сок
Avatar for Bo0oM bo0om
0
1.9k
Выйди и зайди нормально
Avatar for Bo0oM bo0om
0
87
Защита от вредоносной автоматизации сегодня
Avatar for Bo0oM bo0om
0
610
Defending against automatization using nginx
Avatar for Bo0oM bo0om
0
840
Antibot pitch deck
Avatar for Bo0oM bo0om
0
160
31337
Avatar for Bo0oM bo0om
0
200
Your back is white
Avatar for Bo0oM bo0om
0
370
FTP2RCE
Avatar for Bo0oM bo0om
1
7.6k
Interpret it!
Avatar for Bo0oM bo0om
0
1.2k

Featured

See All Featured
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
413
23k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
56
14k
The Language of Interfaces
Avatar for Des Traynor destraynor
162
25k
Sharpening the Axe: The Primacy of Toolmaking
Avatar for Bryan Cantrill bcantrill
46
2.6k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
698
190k
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
58
6.2k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
38
3k
Building an army of robots
Avatar for Kyle Neath kneath
306
46k
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
5
800
The Pragmatic Product Professional
Avatar for Laura Van Doore lauravandoore
37
7.1k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
122
21k
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
333
24k

Transcript

  1. 2000-day in Safari Anton Lopanitsyn @i_bo0om

  2. phdays.com #PHDays XSS https://portswigger.net/web-security/cross-site-scripting

  3. phdays.com #PHDays UXSS https://evil.com https://victim.com

  4. phdays.com #PHDays Save as webpage, complete

  5. phdays.com #PHDays chrome://flags

  6. phdays.com #PHDays MHTML

  7. phdays.com #PHDays MHTML

  8. phdays.com #PHDays

  9. phdays.com #PHDays Safari save as webarchive

  10. phdays.com #PHDays Signed webarchive

  11. phdays.com #PHDays Plaintext webarchive

  12. phdays.com #PHDays Plaintext webarchive <script> … </script>

  13. phdays.com #PHDays Plaintext webarchive

  14. phdays.com #PHDays

  15. phdays.com #PHDays https://blog.rapid7.com/2013/04/25/abusing-safaris-webarchive-file-format/

  16. phdays.com #PHDays

  17. phdays.com #PHDays

  18. phdays.com #PHDays

  19. phdays.com #PHDays

  20. phdays.com #PHDays

  21. phdays.com #PHDays xhtml

  22. phdays.com #PHDays xhtml

  23. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Library/Mail%20 Downloads/2F4D2013-CCBF-4341-B05E-CEB4B76F30CE/Document.xhtm file:///Users/bo0om/Downloads/33h0ygug3ulny0gvwhh3d.webarchive

  24. phdays.com #PHDays

  25. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/com.apple.mail/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/Downloads/x.webarchive file:///Users/bo0om/Library/Downloads/x.webarchive file:///Users/bo0om/Downloads/x.webarchive

  26. phdays.com #PHDays DEMO https://github.com/Bo0oM/Safari2000day)

  27. Thank you!